Role - Agent ACL
BMC Server Automation allows you to perform certain functions when that connection is established, and the definitions you provide on this page control those functions. For example, you can specify that a user with this role has privileges equivalent to root on the remote server. You can associate a Windows automation principal with a role. Or, you can specify that a user with this role only has access to a particular directory on the remote server.
The Agent ACL panel provides most of the same functionality as the users configuration file on an RSCD agent. For more information about the users file, see Users and users.local files overview.
After you have defined a role, you should run an ACL Push Job on servers that the role is authorized to access. The ACL Push Job copies access control list (ACL) information derived from the role definition and uses it to overwrite the users configuration file. After you have pushed ACL information to an agent, the settings you have defined for the role are used to control all incoming connections to that agent. For more information about pushing ACLs, see Controlling server access with agent ACLs.
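A read-only audit of a pushed users file, as an added example that is not BMC's code: it flags entries that combine read/write access with a root-equivalent mapping and reports whether a host restriction narrows them. The entry layout (`role:user` followed by comma-separated options), the option spellings `rw`, `ro`, `map=` and `hosts=`, `#` comments, and the sample entries are assumptions; only `exists` is named on this page.

```python
# Constructed sample entries; the layout and option names are assumptions
# for this example, not copied from a real agent or from BMC documentation.
SAMPLE_USERS = """\
# constructed sample
WebAdmins:betty    rw,map=root
Auditors:carl      ro,exists,hosts=bastion1:bastion2
DBAdmins:dana      rw,map=root,hosts=appserver1
"""

def parse_entry(line):
    """Return (principal, options) for one entry, or None for blanks/comments."""
    line = line.split("#", 1)[0].strip()
    if not line:
        return None
    parts = line.split(None, 1)
    opts = {}
    if len(parts) > 1:
        for tok in parts[1].split(","):
            key, _, value = tok.strip().partition("=")
            if not key:
                continue
            # Allowed hosts are colon-separated, as the Allowed Hosts field describes.
            opts[key] = value.split(":") if key == "hosts" else (value or True)
    return parts[0], opts

def audit(text, privileged=("root", "Administrator")):
    """List (principal, severity, detail) for entries mapped to a privileged account."""
    findings = []
    for raw in text.splitlines():
        entry = parse_entry(raw)
        if entry is None:
            continue
        principal, opts = entry
        if "rw" not in opts or opts.get("map") not in privileged:
            continue
        hosts = opts.get("hosts")
        if hosts:
            findings.append((principal, "review",
                             "rw as %s, limited to hosts: %s" % (opts["map"], ", ".join(hosts))))
        else:
            findings.append((principal, "high",
                             "rw as %s from any host" % opts["map"]))
    return findings

if __name__ == "__main__":
    for principal, severity, detail in audit(SAMPLE_USERS):
        print("%-6s %-18s %s" % (severity, principal, detail))
```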
Field definitions
Field | Description |
---|---|
User must exist on agent | Check to instruct a server to allow a connection from a user only when an account with the same user name exists on the server. This option is analogous to the exists option in the users configuration file. |
Allowed Hosts | Specify the hosts from which a user can connect to a server. Separate host names with a colon, such as |
Read Only and Read/Write | Specify whether all users in the role are granted either read-only or read/write permission on servers. You cannot use a role to give read-only permission to some users and read/write permission to others. Use the users.local file to create a more fine-grained set of permissions. For more information, see Users and users.local files overview. |
Map to user name | Check to force a user connecting to a server to have the same permissions as a user with that same name on the server. For example, if you check this option and user betty connects to a server, she has the same permissions as those already defined for user betty on the server. If you check this option, a user cannot connect to a server unless an identical user name is already defined on the server. |
Platform Related | Define permissions that vary by platform. Click the UNIX tab and enter the following values as they apply to UNIX servers. Then click the WINDOWS tab and enter the following values as they apply to Windows servers: |